Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <46a7e83e.68ba.17e72d6b0aa.Coremail.zuotingyang@126.com>
Date: Wed, 19 Jan 2022 22:56:19 +0800 (CST)
From: zuotina  <zuotingyang@....com>
To: musl@...ts.openwall.com
Subject: Re:Re:Re: [pthread] pthread_barrier_wait  invalid
 case



Hi Team,
Simple feedback on this issue
First,  replace pthread_barrier_wait in timer_create with a custom sync function (implemented by __wait, __wake),
then the problem of panic is solved
But I still think the best way is fixing pthread_barrier_wait. 


In addition, it is also the problem of the timer_create function. Continue to ask for advice.
```c
timer_create:
case SIGEV_THREAD:
r = pthread_create(&td, &attr, start, &args);
    ...
if (syscall(SYS_timer_create, clk, &ksev, &timerid) < 0)
timerid = -1;
```
If this syscall fails, the 'start' thread will reside permanently, 
so the above only sets timerid = -1, which should not be perfect ?
```c
start:
for (;;) {
while (sigwaitinfo(SIGTIMER_SET, &si) < 0);
}

```







At 2021-12-17 22:28:14, "zuotina" <zuotingyang@....com> wrote:

At 2021-12-17 02:16:07, "Rich Felker" <dalias@...c.org> wrote:

>On Thu, Dec 16, 2021 at 11:25:35PM +0800, zuotina wrote:
>> Hi everrone
>> 
>> 
>> I encountered a panic problem when using timer_create recently.
>> Although the probability is small, it still happened.
>> Finaly I found there is a problem in the code of phtread_barrier_wait, 
>> and review code found that there may be problems in the following place, 
>> 81  a_store(&b->_b_lock, 0);
>> 82  if (b->_b_waiters) __wake(&b->_b_lock, 1, 1);
>> If scheduling occurs between lines 81 and 82, it will be not good.
>> So I did an experiment and modified the source code of pthread_barrier_wait to verify my guess
>> ```c
>> 81  a_store(&b->_b_lock, 0);
>>                  /* If it is scheduled out here, when another thread executes pthread_barrier_wait again, 
>>                     it can go through the entire function happily, that is, it will not be blocked */
>>       syscall(yiled); // new add for test
>>                // When the dispatch comes back, this b has been released
>> 82  if (b->_b_waiters) __wake(&b->_b_lock, 1, 1);
>> ```
>
>The intent here is that it's not possible that b has been released,
>because all waiters have to synchronize on b->_b_inst. It's possible
>there's a bug here. I'll look. What arch are you running on?

 running on aarch64. 
 Looking forward to fix, thank you
>> Here is an example of timer_create (src/time/timer_create.c)
>> There are two threads A and B call pthread_barrier_wait. 
>> The call is as follows
>> A thread: (timer_create // parent thread)
>> {
>>        .....
>>       // new add for test---begin
>>        while(b->_b_inst == NULL) {
>>                 syscall(yield);
>>        }
>>      // new add for test---end
>>      pthread_barrier_wait();
>> }
>> B thread: (start // child thread)
>> {
>>        .....
>>       //  Ensure that this function is advanced to the if (!inst) {} branch of barrier_wait
>>       pthread_barrier_wait();
>> }
>> 
>> 
>> In short, the reason for panic is that pthread_barrier_wait is not blocked as expected;
>> I hope you help to confirm whether there is a problem with the implementation 
>> of pthread_barrier_wait or am I wrong?
>> 
>> 
>> Looking forward to your reply. Thank you. 
>
>Thanks for the report.
>
>Rich





 
Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.